IBM i Global

IBM i Global

Connect, learn, share, and engage with IBM Power.

 View Only

  • 1.  From Gothenburg to IBM i 7.6 & MFA: Our Adventure in Security by Default

    Posted 6 days ago

     

    Fresh back from the CEC in Gothenburg, energized and ready for action! 🚀 Our first mission? Upgrading our IBM i system to the new 7.6 release and locking it down with Multi-Factor Authentication (MFA).

    Here's a rundown of our deep dive into the future of Power Systems security.

    🔒 From "Security by Design" to "Security by Default": The Real Game-Changer

    Right after installation, we immediately ran into (in a good way!) the most revolutionary aspect of this release: the shift from a "Security by Design" to a "Security by Default" philosophy.

    What does this mean in practice?

    • 🔹 Security by Design (The Past): The OS provided all the tools to make your system secure, but you had to actively enable and configure them. By default, many doors were "left ajar."
    • 🔹 Security by Default (The Present): IBM i 7.6 is born locked down. Security is no longer an option, but the starting point. To even begin "tinkering," we had to explicitly configure and authorize users and services. This is a fundamental mindset shift that puts security first, without compromise.

    It wasn't a walk in the park. Juggling Memos to Users, manuals, and even opening a support ticket with IBM (the release did show some teething issues), we finally tamed the "beast": release 7.6 is now live and operational!

     MFA Configuration: Passed with Flying Colors!

    The next step was to enable Multi-Factor Authentication (MFA).

    The experience was surprisingly smooth:

    1. Activation: Required an IPL, as expected.
    2. Integration: The new field for the second factor magically appeared on the login screen, in Navigator for i, and in ACS.
    3. Field Test: We used a standard, free TOTP generator (like Google/Microsoft Authenticator) and it worked perfectly.
    4. Compatibility: The real highlight? We tested connections with clients that don't natively support MFA, like FileZilla, and with the right setup, access was still managed correctly.

    Great job, IBM!

    ⚠️ A Note of Caution: Farewell, STRSDA and STRRLU!

    Every update brings a few goodbyes. With 7.6, we bid farewell to two legacy commands: STRSDA and STRRLU.

    It's no longer possible to edit screens and reports directly from PDM.

    The solution? Rely on modern, external tools. I've been using IBM Rational Developer for i (RDI) for years, and I can confirm it integrates seamlessly with the new release for these tasks.

    What's next?

    This is just the first step. Now the real fun begins: continuing to explore this new, incredible powerhouse of security and features.

    What about you? Have you planned your upgrade to IBM i 7.6? What are your main concerns or expectations about "Security by Default"? Let's discuss in the comments!

    Stay Tuned!

    #IBMi #AS400 #PowerSystems #CyberSecurity #MFA #SecurityByDefault #IBM #RPG #ITInfrastructure #SystemAdministrator #IBMi76 #RDI #CECgothenburg



    ------------------------------
    [Giancarlo] [Lui]
    [CTO]
    [Horsa Power]
    [Milan] [Italy]
    02 3359 1375
    ------------------------------


  • 2.  RE: From Gothenburg to IBM i 7.6 & MFA: Our Adventure in Security by Default

    Posted 5 days ago

    Ciao Giancarlo

    As the Common Europe Treasurer, it is great to see that your attendance at the Common Europe Congress this month brought some immediate benefit to you, as described above.  

    I hope you enjoyed the rest of the conference and I look forward to meeting you at CEC 2026 in Lyon next year. 

    Regards,

    Steve



    ------------------------------
    Steve Cast
    Practice Director
    Fresche Solutions
    Redbourn
    01582 794229
    ------------------------------

    Original Message


Related Content